The Stroz Friedberg Cyber Brief

FEATURED STORY



Verizon’s top attorney signalled last week that the massive data breach at Yahoo could upend its $4.8 billion acquisition of the tech firm's core business. “I think we have a reasonable basis to believe right now that the impact is material, and we're looking to Yahoo to demonstrate to us the full impact,” Verizon General Counsel Craig Silliman said of the breach. The pending deal, which is expected to close in the first quarter, has a legal clause that says Verizon can back out if a new event “reasonably can be expected to have a material adverse effect on the business.” The breach occurred two years ago but was only discovered after the merger was signed in July. Earlier in the week, Verizon CEO Lowell McAdam said the carrier planned to follow through with the acquisition, but he did not rule out seeking to alter its terms. (WSJ, Reuters, WaPo)


Nuclear Plant: The head of the UN nuclear watchdog, Yukiya Amano, said early last week that a nuclear power plant was the target of a disruptive cyberattack two to three years ago, and said there is a serious threat of militant attacks on such plants. (Reuters)


Insider Threats: Security analysts say that the recent arrest of NSA contractor Harold Martin III shows that the intelligence community has much further to go in stopping insider threats. A recent Defense Department report said the NSA had yet to effectively implement its post-Snowden security improvements. (Defense One)


Aviation: Cybersecurity experts are growing more concerned about vulnerabilities in the decades-old system called ACARS, which is primarily used for air-traffic purposes and provides information about the status of various aircraft components during flights. (WSJ)


ATMs: The number of ATMs compromised by criminals jumped more than sixfold from 2014, according to a recent report from FICO, a credit-score provider and analytics firm. Both Mastercard and Visa are to become liable for any fraud costs that occur if a chip-enabled card is used at a machine that isn’t equipped with chip technology. (WSJ)

SWIFT: Researchers at Symantec said that a second hacking group, known as Odinaff, has tried to rob banks in the United States, Hong Kong, Australia, the United Kingdom, and Ukraine using fraudulent SWIFT messages. The company said it would share technical information about Odinaff with banks, governments, and other security firms. (Reuters)


Foreign Servers: The Department of Justice is appealing a landmark court decision from last July that found that a U.S. warrant could not compel Microsoft to retrieve emails stored on a server located in Ireland. DOJ has filed for a new hearing in front of the full appeals court for the Southern District of New York, arguing that the previous ruling will hamper investigations. (The Hill)


Flash Crash: UK-based trader Navinder Sarao, who stands accused of contributing to the 2010 Wall Street "flash crash" by placing bogus orders to spoof the market, will be sent to the United States to face trial. He faces a maximum sentence of more than 350 years in prison. (Reuters)

Police Surveillance: An ACLU report explains how Twitter, Facebook, and Instagram provided data to Geofeedia, a Chicago-based company, that then delivered real-time surveillance information to help 500 law enforcement agencies track and respond to crime. The social media companies have stopped providing this information. (WaPo)


ON THE HILL

Election Hacking: The Obama administration has said it would deliver a “proportional” response to Russia’s alleged hacking of U.S. computer systems. However, the White House said it was unlikely that its retaliatory actions would be publicly announced ahead of time. In related news, the federal government has helped 33 states and 11 county and local election agencies shore up cybersecurity ahead of the November vote. (Politico, The Hill)

G7: Group of Seven countries have agreed on non-binding guidelines for protecting the global financial sector from cyberattacks following a series of cross-border bank thefts by hackers. A U.S. Treasury official said the guidance was an effort to encourage regulators and firms to approach cybersecurity from a risk-management perspective. (Reuters)

PRIVATE SECTOR

Google: The search giant updated its transparency report on government requests for user data. Globally, the company received nearly 45,000 government requests for information regarding more than 75,000 accounts during the first half of 2016. (Google)


Signal: The instant messaging app added a new feature that allows users to let messages self-destruct in as little as five seconds. Edward Snowden has said he uses Signal “every day,” and the app has become one of the most popular messaging tools for a range of users. (Wired)

IBM: The company is betting big on artificial intelligence through its campaign to commercialize Watson, industry analysts say. For instance, a new genomics service that helps doctors treat cancer patients is just one step in the company’s march to build a so-called ecosystem of corporate partners and software developers that use Watson technology. (NYT)

THE WORLD

UK: Britain's banks are reportedly not disclosing the full extent of cyberattacks to regulators for fear of punishment or bad publicity. Experts say that forced disclosures in the United States make reporting more consistent. (Reuters)

China: The Asian country has overtaken the United States in terms of the number of papers published annually on so-called “deep learning,” a component of artificial intelligence. The rate of increase is remarkably steep, reflecting how quickly China's research priorities have shifted, experts say. (WaPo)


How to Win the Cyberwar Against Russia: “The cybersphere is not immune to the universal legal norms that require a nation to respond to an attack in proportional fashion. In other words, you can’t destroy the Russian electric grid in response to email hacks. From a strategic perspective, the response should also be timely (although at a time and place of the responder’s choice) and distinctive — that is, it should bear a clear and specific relationship to the original attack that is recognizable to all. With all this in mind, there are a variety of responses that the Obama administration should be considering against Russia,” writes James Stavridis in Foreign Policy.


Obama Talks AI, Autonomous Cars, and the Future of Humanity: “It’s hard to think of a single technology that will shape our world more in the next 50 years than artificial intelligence. As machine learning enables our computers to teach themselves, a wealth of breakthroughs emerge, ranging from medical diagnostics to cars that drive themselves. A whole lot of worry emerges as well. Who controls this technology? Will it take over our jobs? Is it dangerous? President Obama was eager to address these concerns. The person he wanted to talk to most about them? Entrepreneur and MIT Media Lab director Joi Ito. So I sat down with them in the White House to sort through the hope, the hype, and the fear around AI,” writes Scott Dadich in Wired.


America’s Dilemma Over Russian Cyberattacks: “The US also needs to make clear to the Russians, as it has to the Chinese, that it will not tolerate this sort of activity. With China there is a developed economic relationship which gives Washington some leverage. With Russia, in the aftermath of Mr Putin’s incursion into Crimea, the relationship is as poor as it has ever been and economic ties have largely been cut. This makes it hard for the US to retaliate, short of tightening the sanction regime that is already in place, if necessary unilaterally,” write editors of the Financial Times.

How War Goes Viral: “The fate of the self-declared caliphate, now under the assault of nearly two dozen national militaries, is uncertain. Yet the group has already proved something that should concern any observer of war and peace, law and anarchy. While the Islamic State has shown savvy in its use of social media, it is the technology itself—not any unique genius on the part of the jihadists—that lies at the heart of the group’s disruptive power and outsize success. Other groups will follow. And not just terrorist groups. This is only the beginning of a larger revolution, one that is already starting to reshape the operations of small-time gangs on one end of the spectrum, and the political and military strategies of heavily armed superpowers on the other,” write Emerson Brooking and P.W. Singer in the Atlantic.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.